Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package socat for openSUSE:Factory checked 
in at 2026-06-29 17:29:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/socat (Old)
 and      /work/SRC/openSUSE:Factory/.socat.new.11887 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "socat"

Mon Jun 29 17:29:59 2026 rev:51 rq:1362235 version:1.8.1.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/socat/socat.changes      2026-03-19 
17:37:20.525722090 +0100
+++ /work/SRC/openSUSE:Factory/.socat.new.11887/socat.changes   2026-06-29 
17:30:35.282500040 +0200
@@ -1,0 +2,11 @@
+Sun Jun 28 18:24:28 UTC 2026 - Dirk Müller <[email protected]>
+
+- update to 1.8.1.3 (bsc#1269219, CVE-2026-56123):
+  * The new SOCKS5_OVERFL test for CVE-2026-56123 failed on
+    platforms with non-bash default shell (false positive).
+  * There was a possible heap overflow in the socks5 client code.
+    It could be triggered by connecting to a malicious socks5
+    server that expected this connection and had knowledge about
+    details of the client binary code.
+
+-------------------------------------------------------------------

Old:
----
  socat-1.8.1.1.tar.gz

New:
----
  socat-1.8.1.3.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ socat.spec ++++++
--- /var/tmp/diff_new_pack.MaAwN4/_old  2026-06-29 17:30:35.886520864 +0200
+++ /var/tmp/diff_new_pack.MaAwN4/_new  2026-06-29 17:30:35.890521003 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package socat
 #
-# Copyright (c) 2026 SUSE LLC
+# Copyright (c) 2026 SUSE LLC and contributors
 # Copyright (c) 2010 Pascal Bleser <[email protected]>
 # Copyright (c) 2025 Andreas Stieger <[email protected]>
 #
@@ -19,10 +19,10 @@
 
 
 Name:           socat
-Version:        1.8.1.1
+Version:        1.8.1.3
 Release:        0
 Summary:        Multipurpose relay for bidirectional data transfer
-License:        MIT AND SUSE-GPL-2.0-with-openssl-exception
+License:        LicenseRef-SUSE-GPL-2.0-with-openssl-exception AND MIT
 Group:          Productivity/Networking/Other
 URL:            http://www.dest-unreach.org/socat/
 Source:         
http://www.dest-unreach.org/socat/download/%{name}-%{version}.tar.gz

++++++ socat-1.8.1.1.tar.gz -> socat-1.8.1.3.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/socat-1.8.1.1/CHANGES new/socat-1.8.1.3/CHANGES
--- old/socat-1.8.1.1/CHANGES   2026-02-12 14:37:55.000000000 +0100
+++ new/socat-1.8.1.3/CHANGES   2026-06-26 08:19:01.000000000 +0200
@@ -1,4 +1,24 @@
 
+####################### V 1.8.1.3:
+
+Testing:
+       The new SOCKS5_OVERFL test for CVE-2026-56123 failed on platforms with
+       non-bash default shell (false positive).
+
+####################### V 1.8.1.2:
+
+Security:
+       Socat security advisory 10
+       CVE-2026-56123
+       There was a possible heap overflow in the socks5 client code. It could
+       be triggered by connecting to a malicious socks5 server that expected
+       this connection and had knowledge about details of the client binary
+       code.
+       Only builds with C signed char (vs.unsigned char) are affected.
+       Thanks to Tristan Madani for finding and reporting this issue, and for
+       conveying the process.
+       Test: SOCKS5_OVERFL
+
 ####################### V 1.8.1.1:
 
 Corrections:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/socat-1.8.1.1/VERSION new/socat-1.8.1.3/VERSION
--- old/socat-1.8.1.1/VERSION   2026-02-12 14:37:55.000000000 +0100
+++ new/socat-1.8.1.3/VERSION   2026-06-26 08:19:01.000000000 +0200
@@ -1 +1 @@
-"1.8.1.1"
+"1.8.1.3"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/socat-1.8.1.1/test.sh new/socat-1.8.1.3/test.sh
--- old/socat-1.8.1.1/test.sh   2026-02-12 14:37:55.000000000 +0100
+++ new/socat-1.8.1.3/test.sh   2026-06-26 08:19:01.000000000 +0200
@@ -649,6 +649,9 @@
 mkdir -p "$TD"
 #trap "rm -r $TD" 0 3
 
+BINDIR=$td/bin
+mkdir -p $BINDIR
+
 echo "Using temp directory $TD"
 
 RESULTS="$TD/results.txt"      # file for list of results
@@ -21129,6 +21132,78 @@
 esac
 N=$((N+1))
 
+
+# Above tests introduced with 1.8.1.0 (none with 1.8.1.1)
+#==============================================================================
+# Below tests introduced with 1.8.1.2
+
+
+# Test socks5 client buffer overflow (CVE-2026-56123)
+NAME=SOCKS5_OVERFL
+case "$TESTS" in
+*%$N%*|*%functions%*|*%bugs%*|*%security%*|*%socks5%*|*%socks%*|*%%*|*%%*|*%socket%*|*%$NAME%*)
+#*%internet%*|*%root%*|*%listen%*|*%fork%*|*%ip4%*|*%tcp4%*|*%bug%*|...
+TEST="$NAME: socks5 client buffer overflow"
+# Start a listener that emulates a malicious socks5 server, using a temporary
+# shell script;
+# connect using Socat with socks5 client;
+# when is terminates with rc=0 the test succeeded (not vulnerable)
+if ! eval $NUMCOND; then :
+# Check if this test can be performed meaningfully
+elif ! cond=$(checkconds \
+                 "" \
+                 "" \
+                 "" \
+                 "IP4 TCP LISTEN SHELL GOPEN SOCKS5" \
+                 "TCP4-LISTEN SHELL GOPEN SOCKS5" \
+                 "socksport" \
+                 "tcp4" ); then
+    $PRINTF "test $F_n $TEST... ${YELLOW}$cond${NORMAL}\n" $N
+    cant
+else
+    mkdir -p "$BINDIR"
+    tf="$td/test$N.stdout"
+    te="$td/test$N.stderr"
+    tdiff="$td/test$N.diff"
+    tsh="$BINDIR/test$N.sh"
+    cat >"$tsh" <<__EOF__
+#! /usr/bin/env bash
+$ECHO -n "\\x05\\x00"
+relsleep 1
+$ECHO -n 
"\\x05\\x00\\x00\\x03\\xfdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+__EOF__
+    chmod a+x "$tsh"
+    newport tcp4       # -> PORT
+    CMD0="$TRACE $SOCAT $opts TCP4-LISTEN:$PORT SHELL:$tsh"
+    CMD1="$TRACE $SOCAT $opts /dev/null 
SOCKS5:$LOCALHOST4:17.34.51.68:85,socksport=$PORT"
+    printf "test $F_n $TEST... " $N
+    $CMD0 >/dev/null 2>"${te}0" &
+    pid0=$!
+    waittcp4port $PORT 1
+    $CMD1 >"${tf}1" 2>"${te}1"
+    rc1=$?
+    kill $pid0 2>/dev/null; wait
+    if [ "$rc1" -ne 0 ]; then
+       $PRINTF "$FAILED (rc1=$rc1)\n"
+       echo "$CMD0 &"
+       cat "${te}0" >&2
+       echo "$CMD1"
+       cat "${te}1" >&2
+       failed
+    else
+       $PRINTF "$OK\n"
+       if [ "$VERBOSE" ]; then echo "$CMD0 &"; fi
+       if [ "$DEBUG" ];   then cat "${te}0" >&2; fi
+       if [ "$VERBOSE" ]; then echo "$CMD1"; fi
+       if [ "$DEBUG" ];   then cat "${te}1" >&2; fi
+       ok
+    fi
+fi # NUMCOND
+ ;;
+esac
+N=$((N+1))
+
+
 # >>>
 
 # end of common tests
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/socat-1.8.1.1/xio-socks5.h 
new/socat-1.8.1.3/xio-socks5.h
--- old/socat-1.8.1.1/xio-socks5.h      2023-11-13 20:31:08.000000000 +0100
+++ new/socat-1.8.1.3/xio-socks5.h      2026-06-25 14:59:38.000000000 +0200
@@ -23,7 +23,7 @@
        uint8_t command;
        uint8_t reserved;
        uint8_t address_type;
-       char    dstdata[];
+       unsigned char dstdata[];
 };
 
 struct socks5_reply {
@@ -31,7 +31,7 @@
        uint8_t reply;
        uint8_t reserved;
        uint8_t address_type;
-       char    dstdata[];
+       unsigned char dstdata[];
 };
 
 extern const struct addrdesc xioaddr_socks5_connect;

Reply via email to